Skip to content

Commit

Permalink
feat(java): add dependency location support for gradle files (#6083)
Browse files Browse the repository at this point in the history
  • Loading branch information
DmitriyLewen authored Feb 8, 2024
1 parent 428420e commit 535b5a9
Show file tree
Hide file tree
Showing 5 changed files with 13 additions and 4 deletions.
2 changes: 1 addition & 1 deletion docs/docs/coverage/language/java.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ The following table provides an outline of the features Trivy offers.
|------------------|:---------------------:|:----------------:|:------------------------------------:|:--------:|
| JAR/WAR/PAR/EAR | Trivy Java DB | Include | - | - |
| pom.xml | Maven repository [^1] | Exclude ||[^7] |
| *gradle.lockfile | - | Exclude | - | - |
| *gradle.lockfile | - | Exclude | - | |

These may be enabled or disabled depending on the target.
See [here](./index.md) for the detail.
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ require (
github.com/alicebob/miniredis/v2 v2.31.1
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
github.com/aquasecurity/defsec v0.94.1
github.com/aquasecurity/go-dep-parser v0.0.0-20240202105001-4f19ab402b0b
github.com/aquasecurity/go-dep-parser v0.0.0-20240208080026-8cc7d408bce4
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -325,8 +325,8 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
github.com/aquasecurity/defsec v0.94.1 h1:lk44bfUltm0f0Dw4DbO3Ka9d/bf3N8cWclSdHXMyKF4=
github.com/aquasecurity/defsec v0.94.1/go.mod h1:wiX9BX0SOG0ZWjVIPYGPl46fyO3Gu8lJnk4rmhFR7IA=
github.com/aquasecurity/go-dep-parser v0.0.0-20240202105001-4f19ab402b0b h1:GEwxQO0+OcZ4wgmtqU+8qBK179BXhz+WHTWahZA5dfM=
github.com/aquasecurity/go-dep-parser v0.0.0-20240202105001-4f19ab402b0b/go.mod h1:P0PmelcN1ABKJrDzRbPnn6hK7RvgI+xmjiV/9uPaNnY=
github.com/aquasecurity/go-dep-parser v0.0.0-20240208080026-8cc7d408bce4 h1:6qs80w4qPbPnF6GhbIifSANqfCrq90CKtSUBaw6p0z0=
github.com/aquasecurity/go-dep-parser v0.0.0-20240208080026-8cc7d408bce4/go.mod h1:P0PmelcN1ABKJrDzRbPnn6hK7RvgI+xmjiV/9uPaNnY=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
github.com/aquasecurity/go-mock-aws v0.0.0-20240109054747-49e4b5da33cb h1:dNxUB2bSbiLGNYcXkbBKrrfuY96+dXhA9FahEFZ4THQ=
Expand Down
2 changes: 2 additions & 0 deletions integration/testdata/gradle.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2020-9548",
"PkgID": "com.fasterxml.jackson.core:jackson-databind:2.9.1",
"PkgName": "com.fasterxml.jackson.core:jackson-databind",
"PkgIdentifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1"
Expand Down Expand Up @@ -87,6 +88,7 @@
},
{
"VulnerabilityID": "CVE-2021-20190",
"PkgID": "com.fasterxml.jackson.core:jackson-databind:2.9.1",
"PkgName": "com.fasterxml.jackson.core:jackson-databind",
"PkgIdentifier": {
"PURL": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1"
Expand Down
7 changes: 7 additions & 0 deletions pkg/fanal/analyzer/language/java/gradle/lockfile_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,15 @@ func Test_gradleLockAnalyzer_Analyze(t *testing.T) {
FilePath: "testdata/happy.lockfile",
Libraries: types.Packages{
{
ID: "com.example:example:0.0.1",
Name: "com.example:example",
Version: "0.0.1",
Locations: []types.Location{
{
StartLine: 4,
EndLine: 4,
},
},
},
},
},
Expand Down

0 comments on commit 535b5a9

Please sign in to comment.